Okta 是否支持 openid connect (OIDC) 注销?
Does Okta support openid connect (OIDC) logout?
OPs supporting HTTP-based logout and OpenID Connect Discovery 1.0
[OpenID.Discovery] MUST provide this discovery value:
end_session_endpoint REQUIRED. URL at the OP to which an RP can
perform a redirect to request that the End-User be logged out at the
OP. The end_session_endpoint is used in exactly the same manner as
specified in Sections 2.1 and 5 of OpenID Connect Session Management,
including accepting the same query parameters as defined there in
Section 5: id_token_hint, post_logout_redirect_uri, and state.
Okta OIDC Discovery Document不包含"end_session_endpoint"
那么,在注销 OIDC 客户端应用程序后,用户如何才能注销 Okta?
openid 连接提供程序不需要结束会话端点。如果提供者还实现可选的额外规范(如您所指的规范),则这是必需的。虽然不确定 otka 具体实现了什么。
此功能目前正在@Okta 内部计划。资料来源:我在那里工作 =)
编辑:为您提供更多信息!为此,我们有一个开放的 JIRA 票证。我们将在接下来的几个月内完成它(不过不要引用我的话)。
OPs supporting HTTP-based logout and OpenID Connect Discovery 1.0 [OpenID.Discovery] MUST provide this discovery value:
end_session_endpoint REQUIRED. URL at the OP to which an RP can perform a redirect to request that the End-User be logged out at the OP. The end_session_endpoint is used in exactly the same manner as specified in Sections 2.1 and 5 of OpenID Connect Session Management, including accepting the same query parameters as defined there in Section 5: id_token_hint, post_logout_redirect_uri, and state.
Okta OIDC Discovery Document不包含"end_session_endpoint"
那么,在注销 OIDC 客户端应用程序后,用户如何才能注销 Okta?
openid 连接提供程序不需要结束会话端点。如果提供者还实现可选的额外规范(如您所指的规范),则这是必需的。虽然不确定 otka 具体实现了什么。
此功能目前正在@Okta 内部计划。资料来源:我在那里工作 =)
编辑:为您提供更多信息!为此,我们有一个开放的 JIRA 票证。我们将在接下来的几个月内完成它(不过不要引用我的话)。